Nostr notes by CrowdCyber.com

Trigona ransomware attacks use custom exfiltration tool to steal ...

2026-04-24T02:15:48+02:00

Trigona ransomware attacks use custom exfiltration tool to steal data

https://www.bleepingcomputer.com/news/security/trigona-ransomware-attacks-use-custom-exfiltration-tool-to-steal-data/

In the Wild: Information Disclosure (CVE-2026-20133) Exploited in ...

2026-04-23T21:24:20+02:00

In the Wild: Information Disclosure (CVE-2026-20133) Exploited in Cisco SD-WAN Manager

https://securityonline.info/cisco-sd-wan-manager-information-disclosure-cve-2026-20133-exploit/

Recently leaked Windows zero-days now exploited in attacks ...

2026-04-17T09:30:26+02:00

Recently leaked Windows zero-days now exploited in attacks

https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/

Your Supply Chain Breach Is Someone Else's Payday ...

2026-04-16T02:07:05+02:00

Your Supply Chain Breach Is Someone Else's Payday

https://www.recordedfuture.com/blog/your-supply-chain-breach-is-someone-else-payday

CVE-2026-4370 (CVSS 10): Critical Juju Flaw Grants Attackers ...

2026-04-04T23:27:54+02:00

CVE-2026-4370 (CVSS 10): Critical Juju Flaw Grants Attackers Total Infrastructure Control

https://securityonline.info/juju-critical-vulnerability-cvss-10-cve-2026-4370/

Venom Stealer MaaS Platform Commoditizes ClickFix Attacks ...

2026-04-04T20:57:28+02:00

Venom Stealer MaaS Platform Commoditizes ClickFix Attacks

https://www.darkreading.com/endpoint-security/venom-stealer-maas-commoditizes-clickfix-attacks

Recorded Future Expands Coverage of Scams and Financial Fraud ...

2026-04-04T18:41:15+02:00

Recorded Future Expands Coverage of Scams and Financial Fraud with Money Mule Intelligence from CYBERA

https://www.recordedfuture.com/blog/recorded-future-money-mule-intelligence-cybera

New Progress ShareFile flaws can be chained in pre-auth RCE ...

2026-04-04T16:05:54+02:00

New Progress ShareFile flaws can be chained in pre-auth RCE attacks

https://www.bleepingcomputer.com/news/security/new-progress-sharefile-flaws-can-be-chained-in-pre-auth-rce-attacks/

Threat Intel: Attacker makes off with $1.58 million in Space-X ...

2026-04-04T13:58:50+02:00

Threat Intel: Attacker makes off with $1.58 million in Space-X Elon Deepfake Crypto Heist

https://www.karma-x.io/blog/post/36/

Converging Interests: Analysis of Threat Clusters Targeting a ...

2026-04-04T11:54:33+02:00

Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government

https://www.karma-x.io/blog/post/58/

Handala Hack: Unveiling the Modus Operandi of a State‑Backed ...

2026-04-04T09:53:10+02:00

Handala Hack: Unveiling the Modus Operandi of a State‑Backed Wiper

https://www.karma-x.io/blog/post/56/

Residential proxies evaded IP reputation checks in 78% of 4B ...

2026-04-04T07:41:02+02:00

Residential proxies evaded IP reputation checks in 78% of 4B sessions

https://www.bleepingcomputer.com/news/security/residential-proxies-evaded-ip-reputation-checks-in-78-percent-of-4b-sessions/

Critical Vulnerability in Coldcard Hardware Wallets ...

2026-04-04T05:34:17+02:00

Critical Vulnerability in Coldcard Hardware Wallets

https://www.karma-x.io/blog/post/41/

Inside LinkedIn's Surveillance Engine: 48 Browser ...

2026-04-04T02:53:29+02:00

Inside LinkedIn's Surveillance Engine: 48 Browser Fingerprints, Hidden Iframes, and What Users Should Know

https://www.karma-x.io/blog/post/64/

Windows Error Reporting Local Privilege Escalation ...

2026-04-04T00:37:05+02:00

Windows Error Reporting Local Privilege Escalation (CVE‑2026‑20817): In‑Depth Technical Analysis, Detection, and Mitigation

https://www.karma-x.io/blog/post/50/

F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation ...

2026-04-03T22:25:18+02:00

F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

https://www.darkreading.com/application-security/f5-big-ip-vulnerability-reclassified-rce-exploitation

Using undocumented AWS CodeBuild endpoints to extract privileged ...

2026-04-03T18:57:26+02:00

Using undocumented AWS CodeBuild endpoints to extract privileged tokens from AWS CodeConnections allowing lateral movement and privilege escalation through an organisation's codebase

https://www.reddit.com/r/netsec/comments/1sbe9tn/using_undocumented_aws_codebuild_endpoints_to/

Red Menshen’s Upgraded BPFdoor: How China’s Stealthiest ...

2026-04-03T16:56:07+02:00

Red Menshen’s Upgraded BPFdoor: How China’s Stealthiest Backdoor Infiltrates Global Telecom Networks

https://www.karma-x.io/blog/post/59/

Inside the Rapid Evolution of the BlankGrabber Stealer ...

2026-04-03T14:43:25+02:00

Inside the Rapid Evolution of the BlankGrabber Stealer

https://securityonline.info/blankgrabber-python-info-stealer-malware-analysis-splunk/

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root ...

2026-04-03T12:27:49+02:00

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)

https://www.reddit.com/r/netsec/comments/1s8y8pp/mad_bugs_claude_wrote_a_full_freebsd_remote/

Axios npm Package Compromised: Supply Chain Attack via Phantom ...

2026-04-03T09:55:32+02:00

Axios npm Package Compromised: Supply Chain Attack via Phantom Dependency Drops Cross-Platform RAT

https://www.karma-x.io/blog/post/62/

Russian CTRL Toolkit: How Malicious LNK Files Enable RDP ...

2026-04-03T07:55:16+02:00

Russian CTRL Toolkit: How Malicious LNK Files Enable RDP Hijacking via Reverse Tunnels

https://www.karma-x.io/blog/post/60/

Backdoor In Common Linux Utility XZ, Multiple Distros Affected: ...

2026-04-03T05:52:49+02:00

Backdoor In Common Linux Utility XZ, Multiple Distros Affected: Everything We Know

https://www.karma-x.io/blog/post/23/

Security Alert: Critical Vulnerability Hits Anritsu Remote ...

2026-04-03T03:10:35+02:00

Security Alert: Critical Vulnerability Hits Anritsu Remote Spectrum Monitors

https://securityonline.info/anritsu-spectrum-monitor-unpatchable-vulnerability-cve-2026-3356/

LiteLLM Supply-Chain Attack: How Trojanized PyPI Packages Turned ...

2026-04-03T00:43:37+02:00

LiteLLM Supply-Chain Attack: How Trojanized PyPI Packages Turned an AI Gateway Into a Data Exfiltration Tool

https://www.karma-x.io/blog/post/63/

How AI Coding Tools Crushed the Endpoint Security Fortress ...

2026-04-02T22:42:11+02:00

How AI Coding Tools Crushed the Endpoint Security Fortress

https://www.darkreading.com/application-security/ai-coding-tools-endpoint-security

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks ...

2026-04-02T20:10:15+02:00

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

https://www.bleepingcomputer.com/news/security/over-14-000-f5-big-ip-apm-instances-still-exposed-to-rce-attacks/

Breakdown: How TeamPCP hid malware inside WAV files using audio ...

2026-04-02T17:02:10+02:00

Breakdown: How TeamPCP hid malware inside WAV files using audio steganography

https://www.reddit.com/r/netsec/comments/1s6weca/breakdown_how_teampcp_hid_malware_inside_wav/

You’re Not Supposed To ShareFile With Everyone (Progress ...

2026-04-02T14:04:22+02:00

You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs

https://www.reddit.com/r/netsec/comments/1saebwi/youre_not_supposed_to_sharefile_with_everyone/

The Triple-Headed Dragon: Inside the Three-Cluster Chinese ...

2026-04-02T12:00:09+02:00

The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia

https://securityonline.info/stately-taurus-southeast-asia-cyberespionage-three-clusters-unit-42/

'NoVoice' Android malware on Google Play infected 2.3 ...

2026-04-02T09:34:06+02:00

'NoVoice' Android malware on Google Play infected 2.3 million devices

https://www.bleepingcomputer.com/news/security/novoice-android-malware-on-google-play-infected-23-million-devices/

Axios NPM Package Compromised in Precision Attack ...

2026-04-02T05:28:31+02:00

Axios NPM Package Compromised in Precision Attack

https://www.darkreading.com/application-security/axios-npm-package-compromised-precision-attack

New EvilTokens service fuels Microsoft device code phishing ...

2026-04-02T03:22:11+02:00

New EvilTokens service fuels Microsoft device code phishing attacks

https://www.bleepingcomputer.com/news/security/new-eviltokens-service-fuels-microsoft-device-code-phishing-attacks/

Takedown-Proof: Inside the Ethereum-Powered “EtherRAT” and ...

2026-04-02T00:41:17+02:00

Takedown-Proof: Inside the Ethereum-Powered “EtherRAT” and North Korea’s New Blockchain Backdoor

https://securityonline.info/etherrat-malware-ethereum-blockchain-c2-etherhiding/

Ghost in the Drone: Unauthenticated Shell Access in PX4 ...

2026-04-01T21:00:04+02:00

Ghost in the Drone: Unauthenticated Shell Access in PX4 Autopilot’s 9.8 CVSS Nightmare

https://securityonline.info/px4-autopilot-mavlink-vulnerability-cve-2026-1579/

NocoBase Critical Alert: Sandbox Escape Grants Attackers Root ...

2026-04-01T17:00:27+02:00

NocoBase Critical Alert: Sandbox Escape Grants Attackers Root Access

https://securityonline.info/nocobase-critical-rce-sandbox-escape-cve-2026-34156/

Axios supply chain attack chops away at npm trust ...

2026-04-01T14:05:26+02:00

Axios supply chain attack chops away at npm trust

https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust

Exploited in the Wild: Google Issues Emergency Patch for Chrome ...

2026-04-01T12:03:46+02:00

Exploited in the Wild: Google Issues Emergency Patch for Chrome Zero-Day (CVE-2026-5281) in Dawn Component

https://securityonline.info/google-chrome-zero-day-patch-cve-2026-5281-exploited-in-the-wild/

Hackers compromise Axios npm package to drop cross-platform ...

2026-04-01T09:53:08+02:00

Hackers compromise Axios npm package to drop cross-platform malware

https://www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/

LangDrained: Path traversal, SQL injection, and Deserialization ...

2026-04-01T07:42:13+02:00

LangDrained: Path traversal, SQL injection, and Deserialization of untrusted data in LangChain

https://www.reddit.com/r/netsec/comments/1s7jexg/langdrained_path_traversal_sql_injection_and/

TrueChaos: The TrueConf Zero-Day That Turned Secure Updates Into ...

2026-04-01T04:38:24+02:00

TrueChaos: The TrueConf Zero-Day That Turned Secure Updates Into a Government Espionage Backdoor

https://securityonline.info/trueconf-zero-day-vulnerability-cve-2026-3502-truechaos-campaign/

One POST request, six API keys: breaking into popular MCP servers ...

2026-04-01T04:25:25+02:00

One POST request, six API keys: breaking into popular MCP servers

https://www.reddit.com/r/netsec/comments/1s7tyuh/one_post_request_six_api_keys_breaking_into/

PSA: That 'Disable NTLMv1' GPO you set years ago? It’s ...

2026-04-01T04:17:52+02:00

PSA: That 'Disable NTLMv1' GPO you set years ago? It’s lying to you. LmCompatibilityLevel set to 5 is not enough.

https://www.reddit.com/r/netsec/comments/1s8wb2q/psa_that_disable_ntlmv1_gpo_you_set_years_ago_its/

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials ...

2026-04-01T02:15:52+02:00

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

https://www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java ...

2026-03-31T22:50:02+02:00

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent

https://securityonline.info/opentelemetry-java-agent-rce-vulnerability-cve-2026-33701/

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via ...

2026-03-31T16:03:34+02:00

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection

https://securityonline.info/crewai-vulnerabilities-rce-ssrf-sandbox-escape-cve-2026/

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” ...

2026-03-31T14:01:42+02:00

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” Phishing Attack on French Corporations

https://securityonline.info/faux-elevate-malware-campaign-french-corporate-phishing/

The Instant Weaponization of Oracle’s 10.0 CVSS ...

2026-03-31T11:54:12+02:00

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw

https://securityonline.info/oracle-weblogic-rce-vulnerability-cve-2026-21962-exploitation/

The Malware That Chats Back: Inside G DATA’s Real-Time Notepad ...

2026-03-31T09:51:37+02:00

The Malware That Chats Back: Inside G DATA’s Real-Time Notepad Encounter with the “Kiss Loader” Author

https://securityonline.info/kiss-loader-malware-notepad-chat-early-bird-injection-analysis/

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs ...

2026-03-31T07:03:20+02:00

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs

https://www.darkreading.com/application-security/ai-powered-dependency-decisions-security-bugs

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead ...

2026-03-31T04:57:26+02:00

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

https://securityonline.info/axios-npm-supply-chain-attack-poisoned-versions-rat/

AI-Powered 'DeepLoad' Malware Steals Credentials, Evades ...

2026-03-31T02:48:07+02:00

AI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection

https://www.darkreading.com/cyberattacks-data-breaches/ai-powered-deepload-steals-credentials-evades-detection

Scriban’s “Leaky” Cache: A 9.1 CVSS Sandbox Escape Hits 40 ...

2026-03-31T00:26:11+02:00

Scriban’s “Leaky” Cache: A 9.1 CVSS Sandbox Escape Hits 40 Million .NET Installs

https://securityonline.info/scriban-dotnet-vulnerability-sandbox-escape-cache-bypass/

The 30-Year Glitch: RCE and ARM Exploits Uncovered in libpng ...

2026-03-30T22:20:31+02:00

The 30-Year Glitch: RCE and ARM Exploits Uncovered in libpng Reference Library

https://securityonline.info/libpng-vulnerability-rce-arm-neon-cve-2026-33636-cve-2026-33416/

The Weakest Link: Popular Node.js Config Library “Convict” ...

2026-03-30T20:18:33+02:00

The Weakest Link: Popular Node.js Config Library “Convict” Hit by Prototype Pollution

https://securityonline.info/node-convict-prototype-pollution-vulnerability-cve-2026-33864/

High-Severity RCE Discovered in Foreman’s WebSocket Proxy ...

2026-03-30T18:08:18+02:00

High-Severity RCE Discovered in Foreman’s WebSocket Proxy

https://securityonline.info/foreman-rce-vulnerability-cve-2026-1961-command-injection/

Critical Fortinet Forticlient EMS flaw now exploited in attacks ...

2026-03-30T16:08:07+02:00

Critical Fortinet Forticlient EMS flaw now exploited in attacks

https://www.bleepingcomputer.com/news/security/critical-fortinet-forticlient-ems-flaw-now-exploited-in-attacks/

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 ...

2026-03-30T14:06:41+02:00

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 – March 29, 2026)

https://securityonline.info/weekly-vulnerability-roundup-march-23-29-2026-cisa-kev-trivy/

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat ...

2026-03-30T11:31:36+02:00

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon

https://securityonline.info/the-gentlemen-ransomware-toolkit-z1-bat-scorched-earth-script/

SideWinder Espionage Campaign Expands Across Southeast Asia ...

2026-03-30T11:00:39+02:00

SideWinder Espionage Campaign Expands Across Southeast Asia

https://www.darkreading.com/threat-intelligence/sidewinder-espionage-campaign-expands-across-southeast-asia

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks ...

2026-03-30T08:26:30+02:00

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

https://krebsonsecurity.com/2026/03/feds-disrupt-iot-botnets-behind-huge-ddos-attacks/

File read flaw in Smart Slider plugin impacts 500K WordPress ...

2026-03-30T06:19:02+02:00

File read flaw in Smart Slider plugin impacts 500K WordPress sites

https://www.bleepingcomputer.com/news/security/file-read-flaw-in-smart-slider-plugin-impacts-500k-wordpress-sites/

Hacking a Robot Vacuum ...

2026-03-30T04:08:20+02:00

Hacking a Robot Vacuum

https://www.schneier.com/blog/archives/2026/03/hacking-a-robot-vacuum.html

Warlock Ransomware Group Augments Post-Exploitation Activities ...

2026-03-30T04:00:11+02:00

Warlock Ransomware Group Augments Post-Exploitation Activities

https://www.darkreading.com/threat-intelligence/warlock-ransomware-post-exploitation-activities

Coruna, DarkSword & Democratizing Nation-State Exploit ...

2026-03-29T22:35:01+02:00

Coruna, DarkSword & Democratizing Nation-State Exploit Kits

https://www.darkreading.com/endpoint-security/coruna-darksword-democratizing-nation-state-exploit-kits

SQL to SSH: Critical 9.1 CVSS RCE in Grafana Turns Monitoring ...

2026-03-29T19:34:53+02:00

SQL to SSH: Critical 9.1 CVSS RCE in Grafana Turns Monitoring into a Remote Hijack

https://securityonline.info/grafana-critical-rce-vulnerability-cve-2026-27876-sql-expressions/

Inside a Modern Fraud Attack: From Bot Signups to Account ...

2026-03-29T16:56:17+02:00

Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers

https://www.bleepingcomputer.com/news/security/inside-a-modern-fraud-attack-from-bot-signups-to-account-takeovers/

Trivy Supply Chain Attack Targets CI/CD Secrets ...

2026-03-29T14:42:13+02:00

Trivy Supply Chain Attack Targets CI/CD Secrets

https://www.darkreading.com/application-security/trivy-supply-chain-attack-targets-ci-cd-secrets

Critical 9.3 CVSS Auth Bypass and XSS Flaws Hit MantisBT ...

2026-03-29T10:28:21+02:00

Critical 9.3 CVSS Auth Bypass and XSS Flaws Hit MantisBT

https://securityonline.info/mantisbt-critical-authentication-bypass-vulnerability-cve-2026-30849/

Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw ...

2026-03-29T07:56:24+02:00

Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw

https://www.malwarebytes.com/blog/bugs/2026/03/meet-khaled-mohamed-the-bug-hunter-who-found-a-microsoft-flaw

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead ...

2026-03-29T05:54:19+02:00

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

https://www.darkreading.com/application-security/github-openclaw-deployer-repo-delivers-trojan

CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + ...

2026-03-29T05:40:54+02:00

CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC)

https://www.reddit.com/r/netsec/comments/1s39ujn/cve202633656_espocrm_933_formula_engine_acl_gap/

Chaining file upload bypass and stored XSS to create admin ...

2026-03-29T05:33:21+02:00

Chaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker PoC lab

https://www.reddit.com/r/netsec/comments/1s5zzw1/chaining_file_upload_bypass_and_stored_xss_to/

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit ...

2026-03-29T03:12:18+02:00

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

https://www.darkreading.com/application-security/checkmarx-kics-code-scanner-widening-supply-chain

New Infinity Stealer malware grabs macOS data via ClickFix lures ...

2026-03-28T23:53:53+01:00

New Infinity Stealer malware grabs macOS data via ClickFix lures

https://www.bleepingcomputer.com/news/security/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures/

‘CanisterWorm’ Springs Wiper Attack Targeting Iran ...

2026-03-28T21:53:41+01:00

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

https://krebsonsecurity.com/2026/03/canisterworm-springs-wiper-attack-targeting-iran/

Zabbix API Vulnerability: High-Severity SQL Injection Threatens ...

2026-03-28T19:53:25+01:00

Zabbix API Vulnerability: High-Severity SQL Injection Threatens Network Monitoring Security

https://securityonline.info/zabbix-api-sql-injection-vulnerability-cve-2026-23921/

High-Severity strongSwan Flaw Enables Remote VPN Gateway Crashes ...

2026-03-28T17:26:05+01:00

High-Severity strongSwan Flaw Enables Remote VPN Gateway Crashes

https://securityonline.info/strongswan-vpn-cve-2026-25075-eap-ttls-dos-vulnerability/

Criminals are renting virtual phones to bypass bank security ...

2026-03-28T15:17:15+01:00

Criminals are renting virtual phones to bypass bank security

https://www.malwarebytes.com/blog/news/2026/03/criminals-are-renting-virtual-phones-to-bypass-bank-security

Bogus Avast website fakes virus scan, installs Venom Stealer ...

2026-03-28T13:10:07+01:00

Bogus Avast website fakes virus scan, installs Venom Stealer instead

https://www.malwarebytes.com/blog/threat-intel/2026/03/bogus-avast-website-fakes-virus-scan-installs-venom-stealer-instead

Critical 9.8 CVSS SpEL Injection and SSRF Flaws Hit Spring AI ...

2026-03-28T10:47:05+01:00

Critical 9.8 CVSS SpEL Injection and SSRF Flaws Hit Spring AI Framework

https://securityonline.info/spring-ai-security-vulnerabilities-rce-ssrf-spel-injection-patch/

Telnyx package on PyPI compromised by TeamPCP. WAV steganography ...

2026-03-28T10:33:11+01:00

Telnyx package on PyPI compromised by TeamPCP. WAV steganography used for payload delivery

https://www.reddit.com/r/netsec/comments/1s5qot0/telnyx_package_on_pypi_compromised_by_teampcp_wav/

China Upgrades the Backdoor It Uses to Spy on Telcos Globally ...

2026-03-28T08:32:34+01:00

China Upgrades the Backdoor It Uses to Spy on Telcos Globally

https://www.darkreading.com/threat-intelligence/china-upgrades-backdoor-spy-telcos

CRITICAL ALERT: Telegram Vulnerability “ZDI-CAN-30207” ...

2026-03-28T06:11:23+01:00

CRITICAL ALERT: Telegram Vulnerability “ZDI-CAN-30207” Exposes Users to Zero-Click Attacks

https://securityonline.info/telegram-critical-zero-click-vulnerability-zdi-can-30207/

SANS: Top 5 Most Dangerous New Attack Techniques to Watch ...

2026-03-28T03:39:21+01:00

SANS: Top 5 Most Dangerous New Attack Techniques to Watch

https://www.darkreading.com/threat-intelligence/sans-most-dangerous-attack-techniques

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio ...

2026-03-28T01:27:02+01:00

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

https://www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/

GlassWorm: Part 6. Fake Trezor Suite and Ledger Live for macOS, ...

2026-03-27T23:18:03+01:00

GlassWorm: Part 6. Fake Trezor Suite and Ledger Live for macOS, per-request polymorphic builds.

https://www.reddit.com/r/netsec/comments/1s3kiyj/glassworm_part_6_fake_trezor_suite_and_ledger/

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors ...

2026-03-27T20:54:47+01:00

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors

https://securityonline.info/n8n-critical-rce-vulnerabilities-merge-gsuiteadmin-nodes/

Fake VS Code alerts on GitHub spread malware to developers ...

2026-03-27T18:54:34+01:00

Fake VS Code alerts on GitHub spread malware to developers

https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/

CISA: New Langflow flaw actively exploited to hijack AI workflows ...

2026-03-27T16:28:04+01:00

CISA: New Langflow flaw actively exploited to hijack AI workflows

https://www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/

Critical Flaw in Langflow AI Platform Under Attack ...

2026-03-27T13:45:45+01:00

Critical Flaw in Langflow AI Platform Under Attack

https://www.darkreading.com/vulnerabilities-threats/critical-flaw-langflow-ai-platform-under-attack

GlassWorm attack installs fake browser extension for surveillance ...

2026-03-27T11:35:12+01:00

GlassWorm attack installs fake browser extension for surveillance

https://www.malwarebytes.com/blog/news/2026/03/glassworm-attack-installs-fake-browser-extension-for-surveillance

Coruna iOS exploit framework linked to Triangulation attacks ...

2026-03-27T09:26:05+01:00

Coruna iOS exploit framework linked to Triangulation attacks

https://www.bleepingcomputer.com/news/security/coruna-ios-exploit-framework-linked-to-triangulation-attacks/

Critical RCE Flaw in PTC Windchill and FlexPLM Puts Product Data ...

2026-03-27T07:07:33+01:00

Critical RCE Flaw in PTC Windchill and FlexPLM Puts Product Data at Risk

https://securityonline.info/ptc-windchill-flexplm-critical-rce-vulnerability-cve-2026-4681/

ClickFix Campaigns Targeting Windows and macOS ...

2026-03-27T05:02:58+01:00

ClickFix Campaigns Targeting Windows and macOS

https://www.recordedfuture.com/research/clickfix-campaigns-targeting-windows-and-macos

Proof-of-Concept Released: Public Exploit Details for Windows ...

2026-03-27T03:02:44+01:00

Proof-of-Concept Released: Public Exploit Details for Windows Error Reporting LPE (CVE-2026-20817)

https://securityonline.info/windows-error-reporting-lpe-cve-2026-20817-public-poc-exploit/

PROTOCOLO DELTA SWORD: Full Disclosure de Persistência Zero-Day ...

2026-03-27T00:55:51+01:00

PROTOCOLO DELTA SWORD: Full Disclosure de Persistência Zero-Day e Omissão Corporativa (Google/Samsung)

https://www.reddit.com/r/netsec/comments/1s4irxz/protocolo_delta_sword_full_disclosure_de/

Hackers Actively Exploiting 9.8 Critical RCE Flaw in Kali Forms ...

2026-03-26T20:34:27+01:00

Hackers Actively Exploiting 9.8 Critical RCE Flaw in Kali Forms WordPress Plugin

https://securityonline.info/kali-forms-vulnerability-wordpress-rce-cve-2026-3584/

Most Google Cloud Attacks Start With Bug Exploitation ...

2026-03-22T12:16:42+01:00

Most Google Cloud Attacks Start With Bug Exploitation

https://www.darkreading.com/cloud-security/google-cloud-attacks-bug-exploitation

Microsoft Azure Monitor alerts abused for callback phishing ...

2026-03-22T10:09:16+01:00

Microsoft Azure Monitor alerts abused for callback phishing attacks

https://www.bleepingcomputer.com/news/security/microsoft-azure-monitor-alerts-abused-in-callback-phishing-campaigns/